Навигация

Used to create an encryption key or to encrypt portions of connection
strings for use in mapfiles (added in v4.10). Typically you might
want to encrypt portions of the CONNECTION parameter for a database
connection. The following CONNECTIONTYPEs are supported for using
this encryption method:

The location of the encryption key can be specified by two mechanisms, either by
setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive
in the MAP object of your mapfile. For example:

CONFIGMS_ENCRYPTION_KEY"/path/to/mykey.txt"

Use the { and } characters as delimiters for encrypted strings inside database
CONNECTIONs in your mapfile. For example:

Generate an encryption key (note that this key should not be stored
anywhere within your web server’s accessible directories):

msencrypt-keygen"E:\temp\mykey.txt"

And this generated key file might contain something like:

2137FEFDB5611448738D9FBB1DC59055

Encrypt the connection’s password using that generated key:

msencrypt-key"E:\temp\mykey.txt""iluvyou18"

Which returns the password encrypted, at the commandline (you’ll use
it in a second):

3656026A23DBAFC04C402EDFAB7CE714

Edit the mapfile to make sure the ‘mykey.txt’ can be found, using
the “MS_ENCRYPTION_KEY” environment variable. The CONFIG parameter
inside the MAP object can be used to set an environment variable
inside a mapfile:

MAP...CONFIG"MS_ENCRYPTION_KEY""E:/temp/mykey.txt"...END#mapfile

Modify the layer’s CONNECTION to use the generated password key,
making sure to use the “{}” brackets around the key: